PRIVACY STATEMENT

Data Protection Regulation (2016/679)

Prepared: 20.09.2021

Valid from: 4.10.2021

Privacy statement of TechnoSmart Oy's customer register

TechnoSmart Oy collects, stores and processes personal data in accordance with the EU data protection regulation (General Data Protection Regulation, GDPR) and national legislation. When processing personal data, we follow precisely defined processes, documentation, data protection principles and good and careful data processing.

1. Registrar

TechnoSmart Oy, business ID: 1587156-2, postal address: Kympinkatu 3 C, 40320 Jyväskylä

2. Contact in matters concerning the register

Contacts in matters concerning the register: support@technosmart.fi

3. Register name

TechnoSmart Oy's customer register

4. Purpose and legal basis of personal data processing

The personal data contained in this register and collected in this register are processed to carry out TechnoSmart Oy's business.

The basis for the processing of personal data is the contractual relationship between the customer and TechnoSmart Oy, the customer's consent, the order given by the customer or TechnoSmart Oy's legitimate interest. In this context, the legitimate interest of the data controller is the implementation of business, marketing and sales promotion.

Personal data can be processed for the following purposes:

• customer identification and user management,

• serving the customer, managing the customer relationship,
• implementation of operations, services and payment and quality assurance, and business development, as well as analysis and development of the systems in which personal data is processed,
• customer analysis, grouping, reporting and statistics,
• collecting and processing customer feedback and customer satisfaction data,
• implementation and monitoring of communication and marketing,

• targeting, personalization of communication, marketing and services, and management of campaign, contact and transaction history,
• opinion and market surveys, and
• prevention and investigation of abuses and problem situations.

If the data subject does not provide their contact information, TechnoSmart Oy may not be able to enter or continue a contractual relationship with the company, entity or association represented by the data subject, or the data subject cannot act as a contact person for the company, entity or association they represent towards TechnoSmart Oy.

5. Groups of registrants and personal data groups

Those registered are all representatives of TechnoSmart Oy's customers. In this context, customers mean current and former customers. In addition, customers mean parties to whom marketing is directed to create a customer relationship.

The register may contain the following information:

contact information, such as first and last name, address information, telephone number, e-mail address and job description, prohibitions, restrictions, consents and other choices given by the data subject in connection with the use of the service, information supplied, produced or linked by the data subject themselves or about the organization they represent, related to the use of the data subject's identification and verification services necessary information, services used by the data subject including payment information, information collected from the use of websites that can be linked to the data subject, such as IP address or cookie data, data on the implementation of marketing and communication targeted at the data subject, content produced by the data subject themselves, such as customer feedback, data on customer service transactions, information related to data processing, such as the date of storage and data source and any other data collected and stored with the data subject's consent.

6. Data retention period

The information is stored for that amount of time the company or association represented by the registered person is a customer of TechnoSmart Oy and for twenty-four (24) months after termination of the customership. After that, the customer's personal data is automatically deleted, unless otherwise required by legislation. The qualitative content information produced by customer cooperation can be used even after this for scientific or statistical purposes anonymized, without connection to personal data.

7. Regular sources of information

Personal information is obtained either from the registrant himself, from the entity represented by the registrant, or from joint business partners of TechnoSmart Oy and the entity represented by the registrant, or from public sources, such as websites.

In addition, information is obtained in connection with the implementation of customer service and marketing communications, and when the data subject participates in product and service development, research or surveys, and in connection with registration.

Information can also be obtained from the following sources:

by means of cookies or other similar technologies. Cookies are used to collect the following information: visitor's IP address, time of visit, pages browsed and page viewing times, visitor's browser. The user has the option to block the use of cookies at any time by changing their browser settings. Most browser programs allow you to disable the cookie function and delete already saved cookies. Blocking the use of cookies may affect the site's functionality.

8. Regular transfers of data and transfer of data outside the EU or EEA

In principle, personal data is not disclosed to anyone. However, TechnoSmart Oy may use subcontractors in the processing of personal data in the register.

In addition, information is disclosed to the authorities in cases required by law, such as e.g., in the investigation and prevention of abuses.

If necessary, data can be transferred outside the European Union or the European Economic Area in ways permitted by the EU data protection regulation and national legislation.

10. Principles of registry protection

Personal information is kept confidential. There is no manual material. Only those people who have the right to process personal data for their work are entitled to use systems containing personal data.

TechnoSmart Oy's information security solutions are generally accepted in the information security industry and their up-to-dateness is monitored regularly. Each user has their own username and password for the system. The information is collected in databases that are protected by firewalls, passwords and other technical security measures.

11. Profiling

As part of the processing of personal data stored in the customer register, TechnoSmart Oy can also carry out profiling. The purpose of profiling is to enable better targeting of marketing, sales and customer service. Profiling targets the data subject only through their workplace and thus does not affect e.g., the data subject's private life. The purpose is, through profiling, to help e.g., sales to the company or entity represented by the registered person.

12. Rights of the data subject

12.1. The right to inspect and correct data

The registered person has the right to request the correction of incorrect information about them. The request must be made in writing to the address specified in point 2.

The registered person has the right to check what information about them have been stored in the customer register. The request must be made in writing to the address specified in point 2.

12.2. Restriction and objection to processing

In certain situations, the data subject has the right to request the restriction of the processing of their personal data and to object to the processing, e.g., the data subject has the right to prohibit the data controller from processing data concerning them for direct marketing and sales. The above-mentioned requests must be made in writing to the address named in section 2.

12.3. Right of deletion

In certain situations, the registered person has the right to request the deletion of their data. The request must be made in writing to the address specified in point 2.

12.5. The right to transfer data from one system to another

In certain situations, the data subject has the right to demand that the data controller hand over their data in a commonly used transfer format. The right only applies to information that the data subject has provided themselves. The request must be made in writing to the address specified in point 2.

12.7. The right to file a complaint with the supervisory authority

The registered person has the right to file a complaint with the supervisory authority about the way in which the data controller processes the personal data of the registered person. The complaint is made directly to the competent authority as instructed by the competent authority, which is the data protection commissioner in Finland (www.tietosuoja.fi).